# Build recipe for openssh.
#
# Copyright (c) 2018-2019, 2021-2022 Matias Fonzo, <selk@dragora.org>.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#    http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Exit immediately on any error
set -e

program=openssh
version=8.8p1
release=1

# Define a category for the output of the package name
pkgcategory=networking

tarname=${program}-${version}.tar.gz

# Remote source(s)
fetch=https://ftp3.usa.openbsd.org/pub/OpenBSD/OpenSSH/portable/$tarname

description="
The OpenSSH suite.

OpenSSH is the premier connectivity tool for remote login with the
SSH protocol.  It encrypts all traffic to eliminate eavesdropping,
connection hijacking, and other attacks.  In addition, OpenSSH provides
a large suite of secure tunneling capabilities, several authentication
methods, and sophisticated configuration options.
"

homepage=https://www.openssh.com
license=Custom

# Source documentation
docs="CREDITS ChangeLog LICENCE OVERVIEW PROTOCOL* README* TODO"
docsdir="${docdir}/${program}-${version}"

build()
{
    unpack "${tardir}/$tarname"

    cd "$srcdir"

    # Set sane permissions
    chmod -R u+w,go-w,a+rX-s .

    # A patch from Dragora to include a missing header at md5crypt.c file
    patch -p1 < "${worktree}/patches/openssh/openssh-include-stdio.h.patch"

    ./configure CPPFLAGS="$QICPPFLAGS" \
    CFLAGS="$QICFLAGS" LDFLAGS="$QILDFLAGS -static" LIBS="-ledit" \
     $configure_args \
     --libdir=/usr/lib${libSuffix} \
     --sysconfdir=/etc/ssh \
     --mandir=$mandir \
     --docdir=$docsdir \
     --enable-strip \
     --with-default-path='/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin' \
     --with-privsep-path=/var/lib/sshd \
     --with-privsep-user=sshd \
     --with-pid-dir=/var/run/sshd \
     --with-md5-passwords \
     --with-pie \
     --without-zlib-version-check \
     --build="$(gcc -dumpmachine)"

    make -j${jobs} V=1
    make -j${jobs} DESTDIR="$destdir" install

    # Make empty directories for the package
    mkdir -p "${destdir}/var/run/sshd" "${destdir}/var/lib/sshd"

    # Copy additional utilities

    cp -p contrib/ssh-copy-id "${destdir}/usr/bin"
    chmod 755 "${destdir}/usr/bin/ssh-copy-id"

    mkdir -p "${destdir}/${mandir}/man1"
    cp -p contrib/ssh-copy-id.1 "${destdir}/${mandir}/man1"

    # Install sshd perp service(s)

    mkdir -p "${destdir}/etc/perp/sshd"

    cp -p "${worktree}/archive/openssh/rc.log" \
          "${worktree}/archive/openssh/rc.main" \
          "${destdir}/etc/perp/sshd/"

    chmod 755 "${destdir}"/etc/perp/sshd/rc.*

    # THIS SERVICE IS DISABLED BY DEFAULT
    chmod -t "${destdir}/etc/perp/sshd"

    # Manage (dot) new files via graft(1)
    touch "${destdir}/etc/ssh/.graft-config" \
          "${destdir}/etc/perp/sshd/.graft-config"

    # Compress and link man pages (if needed)
    if test -d "${destdir}/$mandir"
    then
        (
            cd "${destdir}/$mandir"
            find . -type f -exec lzip -9 {} +
            find . -type l | while read -r file
            do
                ln -sf "$(readlink -- "$file").lz" "${file}.lz"
                rm -- "$file"
            done
        )
    fi

    # Copy documentation
    mkdir -p "${destdir}/$docsdir"
    cp -p $docs "${destdir}/$docsdir"
}

